retitle -1 check signing key availability (add short keyid test case)
severity -1 minor

Sam writes that the consequences of this bug are that dgit does a lot
of work and then fails with a less than helpful error message.  (Ie,
as I thought, it does not carry on and use a possibly-wrong key, so
this is a useability issue rather than a security problem.)

I think here is the way to fix it:

> I think a better approach is probably for dgit to do a private key
> availability check first, in any case.  The push fails annoyingly,
> after a lot of work has been done, if your key isn't available, too.

One test case that should be added is that this new check properly
fails early when a short keyid is provided.

Thanks,
Ian.

-- 
Ian Jackson <[email protected]>   These opinions are my own.

If I emailed you from an address @fyvzl.net or @evade.org.uk, that is
a private address which bypasses my fierce spamfilter.

Reply via email to